Published: 13/05/2021 Updated: 07/09/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Elasticsearch versions prior to 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled on the index. Certain queries are able to enable the profiler and suggester which could lead to disclosing the existence of documents and fields the attacker should not be able to view.

Vulnerable Product	Search on Vulmon	Subscribe to Product
elastic elasticsearch

Synopsis Moderate: Red Hat Integration Camel Extensions for Quarkus 27 security update Type/Severity Security Advisory: Moderate Topic Red Hat Integration Camel Extensions for Quarkus 27 is now available The purpose of this text-only errata is to inform you about the security issues fixedRed Hat Product Security has rated this update as h ...

No description is available for this CVE ...

In Elasticsearch versions before 7112 and 6815, a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled The suggester and profile API are normally disabled for an index when document level security is enabled on the index Certain queries are able to enable the prof ...

CWE-200 https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125 https://security.netapp.com/advisory/ntap-20210625-0003/https://access.redhat.com/errata/RHSA-2022:5606 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2021-22135

CVE-2021-22135

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect